rebase to v0.6.0

.gitignore

@@ -49,3 +49,4 @@
 /firewalld-0.5.1.tar.gz
 /firewalld-0.5.2.tar.gz
 /firewalld-0.5.3.tar.gz
+/firewalld-0.6.0.tar.gz

0001-IPv6-rpfilter-explicitly-allow-neighbor-solicitation.patch

@@ -1,48 +0,0 @@
-From 0cf02b4c0d4a3b7f55ded6d4d41cf184bc1881e0 Mon Sep 17 00:00:00 2001
-From: Eric Garver <e@erig.me>
-Date: Tue, 3 Jul 2018 09:12:28 -0400
-Subject: [PATCH] IPv6 rpfilter: explicitly allow neighbor solicitation
-
-Some kernel versions (4.16-4.17) have a bug which causes the rpfilter
-extension to not match neighbor solicitation frames. This causes the
-IPv6 rpfilter to mistakenly drop them. Lets work around the buggy kernel
-versions by explicitly allowing neighbor solicitation.
-
-Fixes: rhbz 1575431
-(cherry picked from commit 3d6a5063566319b5df58c6f738f203e88724961e)
----
- src/firewall/core/ipXtables.py | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
-index 437808027155..c2aac90d838c 100644
---- a/src/firewall/core/ipXtables.py
-+++ b/src/firewall/core/ipXtables.py
-@@ -474,16 +474,21 @@ class ip6tables(ip4tables):
- 
-     def apply_rpfilter_rules(self, transaction, log_denied=False):
-             transaction.add_rule(self.ipv,
--                                 [ "-I", "PREROUTING", "1", "-t", "raw",
-+                          [ "-I", "PREROUTING", "1", "-t", "raw",
-+                            "-p", "ipv6-icmp",
-+                            "--icmpv6-type=neighbour-solicitation",
-+                            "-j", "ACCEPT" ]) # RHBZ#1575431, kernel bug in 4.16-4.17
-+            transaction.add_rule(self.ipv,
-+                                 [ "-I", "PREROUTING", "2", "-t", "raw",
-                                    "-p", "ipv6-icmp",
-                                    "--icmpv6-type=router-advertisement",
-                                    "-j", "ACCEPT" ]) # RHBZ#1058505
-             transaction.add_rule(self.ipv,
--                                 [ "-I", "PREROUTING", "2", "-t", "raw",
-+                                 [ "-I", "PREROUTING", "3", "-t", "raw",
-                                    "-m", "rpfilter", "--invert", "-j", "DROP" ])
-             if log_denied != "off":
-                 transaction.add_rule(self.ipv,
--                                     [ "-I", "PREROUTING", "2", "-t", "raw",
-+                                     [ "-I", "PREROUTING", "3", "-t", "raw",
-                                        "-m", "rpfilter", "--invert",
-                                        "-j", "LOG",
-                                        "--log-prefix", "rpfilter_DROP: " ])
--- 
-2.16.3
-

firewalld.spec

@@ -1,18 +1,13 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.5.3
-Release: 4%{?dist}
+Version: 0.6.0
+Release: 1%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-%if 0%{?fedora}
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
-%endif
-%if 0%{?fedora}
 Patch0: firewalld-0.2.6-MDNS-default.patch
-Patch1: 0001-IPv6-rpfilter-explicitly-allow-neighbor-solicitation.patch
-%endif
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -25,33 +20,19 @@ BuildRequires: systemd-units
 BuildRequires: docbook-style-xsl
 BuildRequires: libxslt
 BuildRequires: iptables, ebtables, ipset
-BuildRequires:  python3-devel
+BuildRequires: nftables
+BuildRequires: python3-devel
 Requires: iptables, ebtables, ipset
+Requires: nftables >= 0.9.0
+Requires: kernel >= 4.18.0
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 Requires: firewalld-filesystem = %{version}-%{release}
 Requires: python3-firewall  = %{version}-%{release}
-%if 0%{?fedora} == 23
-Conflicts: selinux-policy < 3.13.1-158.25
-%endif
-%if 0%{?fedora} == 24
-Conflicts: selinux-policy < 3.13.1-191.23
-%endif
-%if 0%{?fedora} == 25
-Conflicts: selinux-policy < 3.13.1-225
-%endif
-%if 0%{?fedora} > 25
-Conflicts: selinux-policy < 3.13.1-227
-%endif
-%if 0%{?rhel} >= 7
-Conflicts: selinux-policy < 3.13.1-89
-Conflicts: squid < 7:3.5.10-1
-%endif
-# Obsolete firewalld-selinux-0.4.4.2-1
 Obsoletes: firewalld-selinux < 0.4.4.2-2
+Conflicts: selinux-policy < 3.14.1-28
 
-%if 0%{?fedora} > 21
 Provides: variant_config(Server)
 Provides: variant_config(Workstation)
 
@@ -60,7 +41,6 @@ Obsoletes: firewalld-config-standard <= 0.3.15
 Obsoletes: firewalld-config-cloud <= 0.3.15
 Obsoletes: firewalld-config-server <= 0.3.15
 Obsoletes: firewalld-config-workstation <= 0.3.15
-%endif
 
 %description
 firewalld is a firewall service daemon that provides a dynamic customizable 
@@ -76,11 +56,7 @@ Obsoletes: python2-firewall < 0.5.2-2
 Requires: python3-dbus
 Requires: python3-slip-dbus
 Requires: python3-decorator
-%if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
 Requires: python3-gobject-base
-%else
-Requires: python3-gobject
-%endif
 
 %description -n python3-firewall
 Python3 bindings for firewalld.
@@ -97,11 +73,7 @@ Summary: Firewall panel applet
 Requires: %{name} = %{version}-%{release}
 Requires: firewall-config = %{version}-%{release}
 Requires: hicolor-icon-theme
-%if 0%{?fedora} >= 26
 Requires: python3-qt5-base
-%else
-Requires: python3-qt5
-%endif
 Requires: python3-gobject
 Requires: libnotify
 Requires: NetworkManager-libnm
@@ -127,8 +99,6 @@ firewalld.
 %prep
 %autosetup -p1
 ./autogen.sh
-sed -i -e 's|/usr/bin/python -Es|%{__python3} -Es|' ./fix_python_shebang.sh
-sed -i 's|/usr/bin/python|%{__python3}|' ./config/lockdown-whitelist.xml
 
 %build
 %configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3}
@@ -145,7 +115,6 @@ desktop-file-install --delete-original \
   --dir %{buildroot}%{_datadir}/applications \
   %{buildroot}%{_datadir}/applications/firewall-config.desktop
 
-%if 0%{?fedora} > 20
 install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
 install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
 install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
@@ -167,7 +136,6 @@ sed -i 's|^DefaultZone=.*|DefaultZone=FedoraWorkstation|g' \
     %{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
 
 rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-%endif
 
 %find_lang %{name} --all-name
 
@@ -180,7 +148,6 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli
 %postun
 %systemd_postun_with_restart firewalld.service 
 
-%if 0%{?fedora} > 21
 %posttrans
 # If we don't yet have a symlink or existing file for firewalld.conf,
 # create it. Note: this will intentionally reset the policykit policy
@@ -213,14 +180,12 @@ if [ ! -e %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy ]; th
             ln -sf org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
     esac
 fi
-%endif
 
 %files -f %{name}.lang
 %doc COPYING README
 %{_sbindir}/firewalld
 %{_bindir}/firewall-cmd
 %{_bindir}/firewall-offline-cmd
-%{_bindir}/firewallctl
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/firewall-cmd
 %{_prefix}/lib/firewalld/icmptypes/*.xml
@@ -228,18 +193,11 @@ fi
 %{_prefix}/lib/firewalld/services/*.xml
 %{_prefix}/lib/firewalld/zones/*.xml
 %{_prefix}/lib/firewalld/helpers/*.xml
-%{_prefix}/lib/firewalld/xmlschema/check.sh
-%{_prefix}/lib/firewalld/xmlschema/*.xsd
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
-%if 0%{?fedora} > 21
 %ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
-%endif
-%if 0%{?rhel} >= 8
-%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
-%endif
 %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
@@ -252,14 +210,8 @@ fi
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice
-%if 0%{?fedora} > 21
 %ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-%endif
-%if 0%{?rhel} >= 8
-%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-%endif
 %{_mandir}/man1/firewall*cmd*.1*
-%{_mandir}/man1/firewallctl*.1*
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
 %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
@@ -293,7 +245,6 @@ fi
 %dir %{_prefix}/lib/firewalld/ipsets
 %dir %{_prefix}/lib/firewalld/services
 %dir %{_prefix}/lib/firewalld/zones
-%dir %{_prefix}/lib/firewalld/xmlschema
 %{_rpmconfigdir}/macros.d/macros.firewalld
 
 %files -n firewall-applet
@@ -318,6 +269,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Thu Jul 19 2018 Eric Garver <egarver@redhat.com> - 0.6.0-1
+- rebase package to v0.6.0
+- simplify spec file
+
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (firewalld-0.5.3.tar.gz) = be6074f1b02d42635c7f03a32372290365229caef91fda72c3c29cf3d2e4232e1901a79ccd27357e0cb69db9fc22730c957d479eefe0070c690fddabdcd0799d
+SHA512 (firewalld-0.6.0.tar.gz) = 38f757c9cdfdd3cc2765c94253581f01bad2f9ce279f96add0f4c6517200452ce1e38ed5b08fb2fba34b064cf93de0cdb50e8e10bf42efea0bc34032716dd5b6